From a00f4b6b84f941f33ae7797d2a5dd9abb2fca374 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Sat, 7 Feb 2026 09:03:36 +0100 Subject: [PATCH] feat(secubox-core): Add detail collector for LuCI flash views - Creates double-buffered JSON caches with last N entries - Caches: threats, kernel, syslog, crowdsec details - Writes to /tmp/secubox and /www for LuCI access - Cron runs every minute for real-time updates - Usage: secubox-detail-collector [count] [type] Co-Authored-By: Claude Opus 4.5 --- .../files/usr/sbin/secubox-detail-collector | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100755 package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector diff --git a/package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector b/package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector new file mode 100755 index 00000000..e28f734e --- /dev/null +++ b/package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector @@ -0,0 +1,77 @@ +#\!/bin/sh +# SecuBox Detail Collector - Last N entries for LuCI flash views + +CACHE_DIR="/tmp/secubox" +WWW_DIR="/www" +LIMIT="${1:-5}" + +mkdir -p "$CACHE_DIR" + +# Collect last N threats with full details +collect_threats() { + local out="$CACHE_DIR/threats-detail.json" + if [ -f /srv/mitmproxy/threats.log ]; then + printf "{\"updated\":\"%s\",\"count\":%d,\"entries\":[" "$(date -Is)" "$LIMIT" > "$out" + tail -n "$LIMIT" /srv/mitmproxy/threats.log | head -n "$LIMIT" | { + first=1 + while IFS= read -r line; do + [ "$first" = "1" ] || printf "," + first=0 + printf "%s" "$line" + done + } >> "$out" + printf "]}" >> "$out" + cp "$out" "$WWW_DIR/threats-detail.json" 2>/dev/null + fi +} + +# Collect last N kernel log entries +collect_kernel() { + local out="$CACHE_DIR/kernel-detail.json" + printf "{\"updated\":\"%s\",\"entries\":[" "$(date -Is)" > "$out" + dmesg 2>/dev/null | grep -iE "error|warn|fail" | tail -n "$LIMIT" | { + first=1 + while IFS= read -r line; do + [ "$first" = "1" ] || printf "," + first=0 + escaped=$(printf "%s" "$line" | sed 's/\\/\\\\/g; s/"/\\"/g') + printf "{\"msg\":\"%s\"}" "$escaped" + done + } >> "$out" + printf "]}" >> "$out" + cp "$out" "$WWW_DIR/kernel-detail.json" 2>/dev/null +} + +# Collect last N syslog entries +collect_syslog() { + local out="$CACHE_DIR/syslog-detail.json" + printf "{\"updated\":\"%s\",\"entries\":[" "$(date -Is)" > "$out" + logread 2>/dev/null | tail -n "$LIMIT" | { + first=1 + while IFS= read -r line; do + [ "$first" = "1" ] || printf "," + first=0 + escaped=$(printf "%s" "$line" | sed 's/\\/\\\\/g; s/"/\\"/g') + printf "{\"msg\":\"%s\"}" "$escaped" + done + } >> "$out" + printf "]}" >> "$out" + cp "$out" "$WWW_DIR/syslog-detail.json" 2>/dev/null +} + +# Collect last N CrowdSec alerts +collect_crowdsec() { + local out="$CACHE_DIR/crowdsec-detail.json" + printf "{\"updated\":\"%s\",\"entries\":" "$(date -Is)" > "$out" + cscli alerts list -l "$LIMIT" -o json 2>/dev/null >> "$out" || echo "[]" >> "$out" + printf "}" >> "$out" + cp "$out" "$WWW_DIR/crowdsec-detail.json" 2>/dev/null +} + +case "${2:-all}" in + threats) collect_threats ;; + kernel) collect_kernel ;; + syslog) collect_syslog ;; + crowdsec) collect_crowdsec ;; + all) collect_threats; collect_kernel; collect_syslog; collect_crowdsec ;; +esac